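Many of our projects today are Java-based and REST-style, with the front end and back end separated. When the front end calls the back end, the requests are cross-origin, and unless the back-end API handles this, the calls fail. On to the code!
1. Create a Filter and configure it in web.xml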
    <filter>
        <filter-name>xssAndSqlFilter</filter-name>
        <filter-class>com.tzdr.btc.user.filter.XssAndSqlFilter</filter-class>
        <!-- Paths to skip (e.g. static resource files), given as strings; separate multiple values with commas -->
        <init-param>
            <param-name>excludedPages</param-name>
            <param-value>/tesra/</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>xssAndSqlFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
2. Add the header settings in the Filter's doFilter method
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Despite its name, isExcludedPage stays true when the path is NOT excluded
        // and is set to false when the path matches an excluded entry.
        boolean isExcludedPage = Boolean.TRUE;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest request1 = (HttpServletRequest) request;
        // Echoes the request's Origin header back, which has the effect of allowing every origin
        // (a literal * cannot be combined with Access-Control-Allow-Credentials: true)
        httpResponse.setHeader("Access-Control-Allow-Origin", request1.getHeader("Origin"));
        httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpResponse.setHeader("Access-Control-Max-Age", "0");
        httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,Access-Control-Allow-Headers");
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true"); // allows cookies to be sent
        httpResponse.setHeader("XDomainRequestAllowed", "1");
        // Check whether the request path matches one of the excluded URLs
        // (excludedPageArray is assumed to be a field filled in init() from the excludedPages init-param)
        for (String page : excludedPageArray) {
            if (((HttpServletRequest) request).getServletPath().contains(page)) {
                isExcludedPage = Boolean.FALSE;
                break;
            }
        }
        // Not an excluded URL: wrap the request so the XSS/SQL filtering is applied
        if (isExcludedPage) {
            XssAndSqlHttpServletRequestWrapper xssRequest =
                    new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
            chain.doFilter(xssRequest, response);
        } else {
            chain.doFilter(request, response);
        }
    }
Once this is done, the API can be called successfully.
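The filter in step 2 copies whatever Origin the request carries into Access-Control-Allow-Origin and also sends Access-Control-Allow-Credentials: true, so any site can read responses to requests made with the user's cookies. A stricter variant, as an added example that is not part of the original post: a plain-Java helper that returns the CORS headers only for origins on an exact-match allowlist (the class name CorsAllowlist, the method corsHeaders, the trimmed Allow-Headers list and the example.com origins are assumptions made for illustration).

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class CorsAllowlist {
    // Constructed sample allowlist: exact scheme + host (+ port), no wildcards or suffix matching.
    static final Set<String> ALLOWED_ORIGINS = Set.of(
            "https://app.example.com",
            "https://admin.example.com");

    /** Returns the response headers to set for the given Origin request header value. */
    static Map<String, String> corsHeaders(String origin) {
        Map<String, String> headers = new LinkedHashMap<>();
        // The response differs per Origin, so shared caches must key on it.
        headers.put("Vary", "Origin");
        // Missing Origin (same-origin or non-browser client) or an unlisted one:
        // send no Access-Control-* headers, so the browser blocks the cross-origin read.
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return headers;
        }
        // Only a listed origin is echoed back together with the credentials flag.
        headers.put("Access-Control-Allow-Origin", origin);
        headers.put("Access-Control-Allow-Credentials", "true");
        headers.put("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        headers.put("Access-Control-Allow-Headers", "Content-Type, X-Requested-With, userId, token");
        return headers;
    }

    public static void main(String[] args) {
        // Constructed Origin values: listed, unlisted, look-alike host,
        // the literal "null" origin (sandboxed iframes, file://), and an absent header.
        String[] samples = {
            "https://app.example.com",
            "https://other.example.net",
            "https://app.example.com.other.example.net",
            "null",
            null };
        for (String origin : samples) {
            System.out.println(origin + " -> " + corsHeaders(origin));
        }
    }
}
```

In doFilter, the fixed Access-Control-* setHeader calls would be replaced by corsHeaders(request1.getHeader("Origin")).forEach(httpResponse::setHeader).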